Okta's GitHub source code stolen, company downplays impact – Cybersecurity Dive




This marks the third major security incident to hit Okta this year. The company has more than 14,000 customers and at least 7,000 integrations with cloud, mobile, web and IT infrastructure providers, according to its annual report.
Earlier this year, Okta initially denied, then later admitted, that it was breached by the extortion group Lapsus$. The group gained access to Okta data through a third-party vendor, then published screenshots months later to boast of the exploit and goad Okta into responding.
In August, Okta was one of 163 Twilio customers impacted by an expansive phishing attack.
That campaign, dubbed Oktapus by researchers at Group-IB, compromised 10,000 credentials across 136 organizations. Some of those included Okta identity credentials and one-time authentication codes.
In the latest incident, Okta downplayed the impact of the theft of code repositories on GitHub.
“Okta does not rely on the confidentiality of its source code for the security of its services,” an Okta spokesperson said in a statement. “This event does not impact any other Okta products, and we have been in communication with our customers.”
The company said it temporarily restricted access to the GitHub repositories and suspended GitHub integrations with third-party applications to review all recent commits to Okta repositories and validate the integrity of its code. GitHub credentials were also rotated, the company said.
“Source code has been a common target for threat actors for years,” Zaid Al Hamami, founder and CEO at DevSecOps startup BoostSecurity, said via email.
“Even though losing the source code does not directly imply that customer account breaches have occurred, attackers can go on to scan the code for additional vulnerabilities, tokens or insights that could lead to further breaches in the development and/or the production environment,” he said.